Message ID | 20170203163708.13943-1-hch@lst.de (mailing list archive) |
---|---|
State | New, archived |
On Fri, Feb 03 2017 at 11:37am -0500, Christoph Hellwig <hch@lst.de> wrote: > .. at least for unprivileged users. Before we called into the SCSI > ioctl code to allow excemptions for a few SCSI passthrough ioctls, > but this is pretty unsafe and except for this call dm knows nothing > about SCSI ioctls. > > As the SCSI ioctl code is now optional, we really don't want to > drag it in for DM, and the exception is not very useful anyway. > > Signed-off-by: Christoph Hellwig <hch@lst.de> > Acked-by: Mike Snitzer <snitzer@redhat.com> > --- > drivers/md/dm.c | 13 ++++++++----- > 1 file changed, 8 insertions(+), 5 deletions(-) > > diff --git a/drivers/md/dm.c b/drivers/md/dm.c > index 9e958bc94fed..fd4331aa2e19 100644 > --- a/drivers/md/dm.c > +++ b/drivers/md/dm.c > @@ -465,13 +465,16 @@ static int dm_blk_ioctl(struct block_device *bdev, fmode_t mode, > > if (r > 0) { > /* > - * Target determined this ioctl is being issued against > - * a logical partition of the parent bdev; so extra > - * validation is needed. > + * Target determined this ioctl is being issued against a > + * subset of the parent bdev; require extra privileges. > */ > - r = scsi_verify_blk_ioctl(NULL, cmd); > - if (r) > + if (!capable(CAP_SYS_RAWIO)) { > + DMWARN_LIMIT( > + "%s: sending ioctl %x to DM device without required privilege.\n", I assume you meant for v3 to remove the newline? ;)
On Fri, Feb 03, 2017 at 11:39:22AM -0500, Mike Snitzer wrote:
> I assume you meant for v3 to remove the newline? ;)
I did. And I swear I did edit the file, but I guess the amend
didn't work. I guess it's time for the weekend.. I'll resend after
I got some rest.
On 03/02/2017 08:37, Christoph Hellwig wrote: > .. at least for unprivileged users. Before we called into the SCSI > ioctl code to allow excemptions for a few SCSI passthrough ioctls, > but this is pretty unsafe and except for this call dm knows nothing > about SCSI ioctls. > > As the SCSI ioctl code is now optional, we really don't want to > drag it in for DM, and the exception is not very useful anyway. > > Signed-off-by: Christoph Hellwig <hch@lst.de> > Acked-by: Mike Snitzer <snitzer@redhat.com> > --- > drivers/md/dm.c | 13 ++++++++----- > 1 file changed, 8 insertions(+), 5 deletions(-) > > diff --git a/drivers/md/dm.c b/drivers/md/dm.c > index 9e958bc94fed..fd4331aa2e19 100644 > --- a/drivers/md/dm.c > +++ b/drivers/md/dm.c > @@ -465,13 +465,16 @@ static int dm_blk_ioctl(struct block_device *bdev, fmode_t mode, > > if (r > 0) { > /* > - * Target determined this ioctl is being issued against > - * a logical partition of the parent bdev; so extra > - * validation is needed. > + * Target determined this ioctl is being issued against a > + * subset of the parent bdev; require extra privileges. > */ > - r = scsi_verify_blk_ioctl(NULL, cmd); > - if (r) > + if (!capable(CAP_SYS_RAWIO)) { > + DMWARN_LIMIT( > + "%s: sending ioctl %x to DM device without required privilege.\n", > + current->comm, cmd); > + r = -ENOIOCTLCMD; > goto out; > + } > } > > r = __blkdev_driver_ioctl(bdev, mode, cmd, arg); > Acked-by: Paolo Bonzini <pbonzini@redhat.com> Thanks, Paolo
On 02/03/2017 05:41 PM, Christoph Hellwig wrote:
> On Fri, Feb 03, 2017 at 11:39:22AM -0500, Mike Snitzer wrote:
>> I assume you meant for v3 to remove the newline? ;)
> I did. And I swear I did edit the file, but I guess the amend
> didn't work. I guess it's time for the weekend.. I'll resend after
> I got some rest.
Forgotten git add? git commit --amend without git add is such a classic
mistake on my side as well :-/
Anyways,
Reviewed-by: Johannes Thumshirn <jthumshirn@kernel.org>
On Fri, 2017-02-03 at 19:17 +0100, Johannes Thumshirn wrote:
> Forgotten git add? git commit --amend without git add is such a classic
> mistake on my side as well :-/
Are you familiar with the -a option of git commit? Just run

git commit -a --amend

Bart.
On 02/03/2017 10:41 PM, Bart Van Assche wrote:
> On Fri, 2017-02-03 at 19:17 +0100, Johannes Thumshirn wrote:
>> Forgotten git add? git commit --amend without git add is such a classic
>> mistake on my side as well :-/
> Are you familiar with the -a option of git commit? Just run
>
> git commit -a --amend
Yes I try to train my muscle memory to do so. But this has drawbacks as
well, like adding unrelated files you've edited and then amend them.
Byte,
Johannes
diff --git a/drivers/md/dm.c b/drivers/md/dm.c index 9e958bc94fed..fd4331aa2e19 100644 --- a/drivers/md/dm.c +++ b/drivers/md/dm.c @@ -465,13 +465,16 @@ static int dm_blk_ioctl(struct block_device *bdev, fmode_t mode, if (r > 0) { /* - * Target determined this ioctl is being issued against - * a logical partition of the parent bdev; so extra - * validation is needed. + * Target determined this ioctl is being issued against a + * subset of the parent bdev; require extra privileges. */ - r = scsi_verify_blk_ioctl(NULL, cmd); - if (r) + if (!capable(CAP_SYS_RAWIO)) { + DMWARN_LIMIT( + "%s: sending ioctl %x to DM device without required privilege.\n", + current->comm, cmd); + r = -ENOIOCTLCMD; goto out; + } } r = __blkdev_driver_ioctl(bdev, mode, cmd, arg);
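Review bot: The DMWARN_LIMIT format string in the new `if (!capable(CAP_SYS_RAWIO))` branch still ends in "\n", the newline that v3 was meant to drop according to the replies in this thread; remove it in the resend. In the same branch, `r = -ENOIOCTLCMD` reports a missing capability as an unsupported ioctl rather than a permission failure, so the updated comment ("require extra privileges") should say why that error code is kept, or the branch should return a permission error if that is the intent. A smaller style point: printing `cmd` with `%x` and no prefix makes the logged value ambiguous when read next to decimal numbers, and `%#x` or `0x%x` would make the warning easier to use when auditing which process (`current->comm`) issued which ioctl.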